Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch

281

282

283

284

285

286

287

288

289

290

Fabric OS Encryption Administrator’s Guide (DPM) 265

53-1002720-02

Measuring encryption performance

• Time of day on the switch

• Key Vault client SDK version

• Timeout and retry policy for the client SDK

The key vault client SDK version, and timeout and retry policy for the client SDK could differ across

encryption nodes, depending on the firmware versions they are running.

This feature also reports the results of a vault connectivity check and the results of a validation

check on key operations. These results are specific to each encryption node. The operations done

as part of this are:

• Connects to the key vault and performs a connectivity check, reports any possible issues in

case of failure, for example, certificate issues, username or password issues, or connectivity

issues.

• Attempts to retrieve a key and indicates any possible issues in case of failure.

• Attempts to store a key on the vault and indicates any possible issues in case of failure.

• Verifies if a key written is synchronized across the vaults in a cluster.

This check indicates only the synchronization capability at a given point of time, and does not

mean all keys on the vault are synchronized. The need for manual synchronization of keys

depends on the point of key vault connectivity failure or user-initiated operations (for example,

reboot) and is not identified by the KV diagnostics report. However if such a failure occurs

when diagnostics tests are run, failures will be identified and indicated.

• Displays any errors returned from the key vault and indicates the possible issue with

configuration or setup that needs manual intervention, such as synchronization of keys or

reissuing certificates.

• In a situation whereby a key cannot be created on the vault, (for example, an error message

shows “key exists,” “not enough permissions,” or “key creation failure”), verifies the failure and

provides additional information. The information shown will vary based on the key vault type.

For additional command information, refer to the Fabris OS Command Reference v7.0.0.

Measuring encryption performance

With the introduction of Fabric OS v7.1.0, you can monitor the throughput of redirected I/O flow

through an encryption engine (EE). In support of this functionality, the cryptocfg

--perfshow

command is used.

The cryptocfg

--perfshow command displays the throughput performance between the external

ports and the internal cryptographic processing modules, similar to the way that

-portperfshow

displays throughput performance at the external port. Throughput is measured as Bytes/second.

For example:

FabricAdmin:switch> cryptocfg --perfshow [slot] [-rx | -tx | -tx -rx]

[-interval <time in seconds>]

Whereby:

• Slot displays the throughput of redirected I/O flow through the EE in a given slot of the

chassis.

• -tx displays the transmit throughput of the redirected I/O.

• -rx displays the receive throughput of the redirected I/O.